Wallace could have faced up to 16 years imprisonment, but in the end was sentenced to just two-and-a-half years in prison and five years of supervised release.

He was also ordered to pay US$310,628.55 in restitution, according to the Office of the U.S. Attorney for the Northern District of California. That's about one cent for every message sent or about 60 cents per account compromised.

Using a Facebook account in the fictitious name of David Frederix, Wallace honed his phishing technique. He automated the process of signing into a Facebook user's account, retrieving a list of their friends, and then sending them each a message.

That message encouraged them to log into a website that would trick them into divulging their Facebook username and password before directing them to an affiliate website that paid him for the traffic. Wallace then continued his spam campaign using the newly gathered login credentials.

Facebook had previously filed a lawsuit against him under the CAN-SPAM act, resulting in March 2009 in an order not to access or attempt to access Facebook's computer network in any manner whatsoever. However, Wallace admitted that just weeks later, he flouted that order by logging into his Facebook account while on a plane heading from Las Vegas to New York.

Market Place

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.